Along with Denuvo DRM and shader compilation stutter, “kernel-level anti-cheat protection” is one of the most high-profile issues plaguing PC gaming in recent years. The default position of most gamers is that this is a crutch used by “lazy developers” that can hurt performance and even compromise security. But after reading his Push to Talk report, in which game marketing veteran Ryan K. Rigney interviews multiple anti-cheat experts, it’s clear that this technology is here to stay.
For the uninitiated, anti-cheat operates at the kernel level, which means it operates at the deepest, most privileged layer of the operating system. Developers appreciate the level of control they have in detecting and shutting down cheat programs and pre-empting them with maximum levels of system privileges. Many consumers understandably object to relinquishing that level of control to a third party.
As an instructive example of the power and intrusiveness of these tools, a cheat engine program I installed for single-player Shogun: Total War 2 but never used was flagged by the game’s anti-cheat and I lost my account. Let’s take a look at the famous Destiny Raiders. In Bungie’s FPS-MMO.
This sense of intrusion often creates a tense, sometimes hysterical atmosphere in conversations about software. Things like review bombing, threats, and more “lazy developer” rhetoric. The experts Rigney interviewed are clearly well aware of how unpopular anti-cheats at his level are. Along with some players. Odyssey His Interactive colleague and software engineer Paul Chamberlain calls this “a cursed field to work in.”
Filip Koskinas, Head of Anti-Cheat at Riot Games, said that developers are basically trying to figure out how anti-cheat works in order to maintain any advantage over cheat developers who are constantly looking for vulnerabilities. They argue that it is necessary to keep secret how it works. While this secrecy is understandable in the arms race against cheats, it doesn’t help the technology’s reputation among gamers.
I’m less concerned about developers exploiting kernel access and more concerned about potential vulnerabilities introduced for third-party attackers to exploit. Mr. Rigney gave two examples. One is Sony’s Enhanced Copy Protection (XCP), which was infamously exploited to compromise affected systems, and the other is a backdoor vulnerability introduced by Street Fighter 5’s kernel-level anti-cheat. . In 2022, ransomware developers also utilized Genshin’s kernel-level anti-cheat to disable antivirus processes.
But all the experts Rigney spoke to agreed with a convincing argument. It is in a developer’s best interest not to betray customer trust by abusing kernel-level access or by providing products that negatively impact the system. Additionally, they claim that kernel-level access is not necessary to cause serious damage to a PC, reminding me of FromSoftware’s catastrophic security failure for the entire Soulsborne catalog on PC (up until Elden Ring , FromSoftware did not use kernel-level anti-cheat). This vulnerability caused the game’s multiplayer mode to be shut down for several months in 2022.
Unfortunately, going online on any device in 2024 comes with risks. Your refrigerator encounters a ransomware attack after downloading a new firmware update, someone tries to impersonate you on Twitter to get an Amazon gift card, or every other email you receive is your username. For example, you are trying to phish. Bank details.Monkeys are killing monkeys in the age of wolves, baby, what’s really true on the internet is that you can’t trust people. Anyone.
“Any software you install on a machine can be used to take over the machine,” Roblox’s head of anti-cheat, Clint Seredei, explained to Rigney. Chamberlain emphasized the trust factor, pointing out the level of privilege that programs outside the kernel level still have. These are the different levels of danger posed by unknown software. The whole discussion is such a distraction. ”
And at the end of the day, it’s the continued prevalence and profitability of in-game cheating that has brought us to this point. Some gamers are willing to employ kernel-level anti-cheat for even more protection. Last December, public policy researcher Jonathan Hofer wrote about his FACEIT, a platform with anti-cheat features that some gamers happily use to play Counter-Strike 2. Ta. The game itself uses other, seemingly less effective forms of anti-cheat. But another problem is that this platform is owned by Savvy Gaming Group, a subsidiary of Saudi Arabia’s Public Investment Fund. The Saudi government is well known for digital surveillance and other privacy violations.
Although I personally don’t like it, there is a demand from both players and developers to keep the game clean, and professionals mandated to do so have a clear mandate to continue using kernel-level access. There is an incentive that can be understood. Problems aside, there’s no denying that it’s apparently more effective at preventing fraud. I hope you vote with your wallet, but I’m never going to stop playing Elden Ring or Armored Core 6 just because kernel-level Easy Anti-Cheat is in use.
